The UIDAI (Unique Identification Authority of India) on Tuesday dismissed reports of hacking of Aadhaar enrolment software as “completely incorrect and irresponsible” and said it was the insiders who were deliberately trying to create confusion among the common mass.
HIGHLIGHTS
• Such reports are “completely incorrect and irresponsible”, said UIDAI
• “Vested interests deliberately trying to create confusion among people”
• Any person can generate Aadhaar ID using the patch for ₹2,500: report
The report of denial hit after an ‘investigation by HuffPost India’ revealed that the Aadhaar database, which contains the biometrics and personal information of over one billion Indians, “had been compromised by a software patch which disables critical security features of the software used to enroll new Aadhaar users”.
Earlier, a report by the HuffPost said a software patch available for as little as ₹2,500 lets a user bypass critical security features such as biometric authentication of enrolment operators to generate unauthorized Aadhaar numbers. It said the patch also disables the GPS security feature of the software allowing anyone from any location to enroll users.
The UIDAI said, “the claims about Aadhaar being vulnerable to tampering lacked substance and were totally baseless”. Report says.
“Certain vested interests are deliberately trying to create confusion in the minds of people which is completely unwarranted,” a statement issued by the organization said.
Fraudulent Aadhaar Reports
It added that the UIDAI makes sure to match all the biometrics (both fingerprints & iris) before the enrolled Aadhaar card holder gets the issuing of the unique ID.
“UIDAI has taken all necessary safeguard measures spanning from providing standardized software that encrypts entire data even before saving to any disk, protecting data using tamper proofing, identifying every one of the operators in every enrolment, identifying every one of thousands of machines using a unique machine registration process, which ensures every encrypted packet is tracked,” the statement said.
It said all measures to ensure end-to-end security of resident data were taken including full encryption of resident data.
UIDAI clarified that no operator can make or update Aadhaar unless resident himself gives his biometric.”Any enrolment or update request is processed only after biometrics of the operator is authenticated and resident’s biometrics is de-duplicated at the backend of UIDAI system,” it said.
Aadhaar Card is safe & secure
It added that as part of its “stringent” enrolment and updation process, UIDAI checks enrolment operator’s biometric and other parameters before processing the enrolment or updates and only after all checks are found to be successful, enrolment or update of a resident is further processed.
“Therefore it is not possible to introduce ghost entries into Aadhaar database.”
UIDAI said that even in a hypothetical situation where a ghost enrolment or update packet is sent to the UIDAI by some “manipulative attempt”, the same is identified by the robust back-end system and all such enrolment packets get rejected and no Aadhaar is generated.
“Also, the concerned enrolment machines and the operators are identified, blocked and blacklisted permanently from the UIDAI system.
Inappropriate cases, police complaints are also filed for such fraudulent attempts,” it said.
UIDAI said that the reported claim of “anybody is able to create an entry into the Aadhaar database, then the person can create multiple Aadhaar cards” is completely false.
“If an operator is found violating UIDAI’s strict enrolment and update processes or if one indulges in any type of fraudulent or corrupt practices, UIDAI blocks and blacklists them and imposes a financial penalty up to ₹1 lakh per instance. It is because of this stringent and robust system that as on date more than 50,000 operators have been blacklisted,” UIDAI added.
It said that it keeps adding new security features in its system as required from time-to-time to thwart new security threats by unscrupulous elements.